CVE-2020-25690

Published: Feb 23, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected (1)

Products: Fontforge: Fontforge

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fontforge Fontforge	Before 20200314

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1893188

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1893188

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.